You're reading from Decentralized Identity Explained Embrace decentralization for a more secure and empowering digital experience

Product type Paperback

Published in Jul 2024

Publisher Packt

ISBN-13 9781804617632

Length 392 pages

Edition 1st Edition

Tools

Blockchain

Concepts

Cybersecurity

Author (1):

Rohan Pinto

View More author details

Table of Contents (22) Chapters

Preface

1. Part 1 - Digital Identity Era: Then

2. Chapter 1: The History of Digital Identity FREE CHAPTER

3. Chapter 2: Identity Management Versus Access Management

4. Part 2 - Digital Identity Era: Now

5. Chapter 3: IAM Best Practices

6. Chapter 4: Trust Anchors/Sources of Truth and Their Importance

7. Chapter 5: Historical Source of Authority

8. Chapter 6: The Relationship between Trust and Risk

9. Chapter 7: Informed Consent and Why It Matters

10. Chapter 8: IAM – the Security Perspective

11. Part 3 - Digital Identity Era: The Near Future

12. Chapter 9: Self-Sovereign Identity

13. Chapter 10: Privacy by Design in the SSI Space

14. Chapter 11: Relationship between DIDs and SSI

15. Chapter 12: Protocols and Standards – DID Standards

16. Chapter 13: DID Authentication

17. Chapter 14: Identity Verification

18. Part 4 - Digital Identity Era: A Probabilistic Future

19. Chapter 15: Biometrics Security in Distributed Identity Management

20. Index

Why subscribe?

21. Other Books You May Enjoy

Public key cryptography – the origin of secure public networks

Public key cryptography is regarded as one of the most significant technological achievements of the 20th century. There would be no way to safeguard the public networks on which global communication and business rely without it. British government cryptographers discovered the approach in the mid-1970s, and US researchers Whitfield Diffie and Martin Hellman revealed it separately in 1970 and released a white paper.

The system operates based on a connected pair of keys, one private and one public. The public key can be widely distributed; however, the private key must be kept hidden to decode messages that have been encrypted by the public key. The crucial aspect is that it is computationally impossible to extract the private key from the public key; hence, while the public key may encrypt messages, only the private key holder can decode them.

Secure communication and data transfer are critical in today’s digital world. Public networks are frequently used by organizations and people to transfer sensitive information such as financial transactions, personal data, and business interactions. The necessity for privacy and secrecy, on the other hand, has led to the creation of secure public networks that rely on PKI. In this section, we will look at the beginnings of these networks and how PKI became a critical tool for ensuring safe and trusted communication.

The evolution of public networks

The history of public networks, such as the internet, dates back to the 1960s. These networks were initially intended to enhance communication and data exchange between the government and academic organizations. As the internet grew in popularity and became more widely available, its potential as a global communication medium became clear. However, the open and decentralized structure of public networks faced serious security issues.

The need for secure communication

Concerns regarding data privacy and the interception of sensitive information arose as public networks proliferated. When it came to secure communication over public networks, traditional encryption approaches, such as symmetric encryption, had drawbacks. To build trust and confidentiality in these contexts, a breakthrough was required.

The emergence of PKI

PKI, the cornerstone for secure public networks, was first proposed in the 1970s. Whitfield Diffie and Martin Hellman, two British mathematicians, invented public key cryptography in 1976. Their revolutionary study transformed the science of cryptography by presenting a way for secure communication that did not require the use of a shared secret key.

Using each other’s public keys, the Diffie-Hellman key exchange technique allows two parties to establish a shared secret key via an unsecured channel. This notion set the way for the creation of PKI, which was built on the idea of public key cryptography to establish a comprehensive framework for secure communication.

Components of PKI

PKI is made up of numerous components that work together to enable safe communication and trust between entities. These elements include the following:

Public/private key pair: Each entity in the PKI ecosystem has a set of mathematically connected keys. The public key is freely accessible to others, but the private key is kept secret by its owner.
Digital certificates: PKI relies heavily on digital certificates. These certificates are issued by a trusted third party known as a certificate authority (CA) and tie an entity’s public key to its identity. Certificates provide information such as the entity’s name, public key, and the digital signature of the CA.
Certificate authorities (CAs): CAs are in charge of certifying the legality and authenticity of companies obtaining digital certificates. They digitally sign these certificates, offering a mark of approval and establishing confidence in the entity’s public key.
Certificate revocation: PKI also includes procedures for revoking certificates. If a private key is hacked or an entity’s identification is no longer legitimate, the related certificate can be revoked to prevent it from being abused.

Benefits and applications of PKI

PKI provides significant advantages for secure communication and has found uses in a variety of sectors. Among the notable advantages, we have the following:

Confidentiality: PKI enables sensitive information to be encrypted, guaranteeing that only the intended receiver can decrypt and access it
Authentication: PKI allows organizations to use digital certificates to verify one another’s identities, lowering the danger of impersonation or unauthorized access
Integrity: PKI ensures that data is not tampered with during transmission by allowing the use of digital signatures
Non-repudiation: PKI enables digital transactions to be authenticated, prohibiting entities from denying their involvement

Drawbacks of PKI

While PKI is extensively used and regarded as a strong security system for storing digital certificates and enabling secure communication, it does have several shortcomings and challenges:

Complexity: Implementing and administering a PKI may be complicated and time-consuming, particularly for organizations with big and remote systems. Infrastructure, CAs, and certificate revocation lists (CRLs) require technical competence and constant maintenance.
Cost: PKI deployment can be costly in terms of hardware, software, and people training. Managing the lifespan of digital certificates also incurs continuous operational costs.
Single point of failure: In classic PKI designs, the central CA is a single point of failure. If the CA’s private key is hacked or becomes inaccessible, the entire PKI may be compromised or become unavailable.
Certificate revocation challenges: It can be difficult to revoke certificates, especially in large-scale installations. To verify certificate validity, dependent parties must execute CRL or Online Certificate Status Protocol (OCSP) checks. CRLs, on the other hand, may become huge and inconvenient, and OCSP checks can add delay to the authentication process.
Scalability and performance: The speed and scalability of the PKI infrastructure might become an issue as the number of users and devices grows. The time it takes to validate certificates during authentication might influence the user experience, especially in high-load settings.
Certificate management: Certificate administration must be handled carefully by organizations so that they can avoid expired or invalid certificates, which can cause service interruptions and security issues.
Limited anonymity: PKI commonly employs public and private key pairs, which intrinsically link a user’s identity to their digital certificate. This lack of anonymity may be an issue for some apps that demand user privacy.
Trust in CAs: The credibility of the CAs providing digital certificates is critical to the security of a PKI. If a CA is hacked or behaves maliciously, the entire PKI ecosystem is jeopardized.
Key management: Private key protection and management are critical components of PKI security. Unauthorized access and potential data breaches can occur if private keys aren’t safeguarded appropriately.
Interoperability: Different systems and applications may support PKI and digital certificates to differing degrees, resulting in interoperability concerns.

Despite these disadvantages, PKI is still an important technique for secure digital communication and authentication. Many of the issues may be minimized by careful planning and following best practices in certificate administration, as well as the use of developing PKI technologies and standards.

Secure public networks and PKIs

Because of PKI being incorporated into public networks, secure communication protocols such as HyperText Transfer Protocol Secure (HTTPS) for web browsing, Secure Shell (SSH) for secure remote access, and virtual private networks (VPNs) for secure private connections over the internet have been developed. PKI is used in these protocols to create secure connections, encrypt data, and authenticate the identity of organizations.

The introduction of secure public networks based on PKI has transformed the way we interact and trade data. PKI lays the groundwork for establishing trust, maintaining secrecy, and facilitating secure transactions across public networks. Its continuing development and implementation will be critical in protecting sensitive information and preserving the integrity of our digital communication in the coming years.

With a thorough grasp of public key cryptography and its function in data security, we can now appreciate its practical applicability in real-world circumstances. The World Wide Web is one of the most widely used venues for public key cryptography. In the next section, we will look at how this core technology supports the security of online communications, e-commerce, and other aspects of the current digital world.